Mile2-Security CPTS - Certified Pen Testing Specialist - MK0-201 Exam Questions
QUESTION NO: 1
Why is it important to the security of a network to create a complex password for the SA account on a MSSQL server installation?
Why is it important to the security of a network to create a complex password for the SA account on a MSSQL server installation?
Correct Answer: A
QUESTION NO: 2
MS SQL server makes use of Stored Procedures. There is an extended stored procedure called sp_makewebtask that can be used with data being returned from executed queries.
What would you use this stored procedure for?
MS SQL server makes use of Stored Procedures. There is an extended stored procedure called sp_makewebtask that can be used with data being returned from executed queries.
What would you use this stored procedure for?
Correct Answer: A
QUESTION NO: 3
A system administrator deploys a Windows-based server in a publicly-accessible DMZ. The sole purpose of this machine is to run IIS and allow anonymous access. After a few days the security log is full of failed logins against the Administrator account. What is the best strategy to totally prevent future password guessing attempts? Choose the best answer.
A system administrator deploys a Windows-based server in a publicly-accessible DMZ. The sole purpose of this machine is to run IIS and allow anonymous access. After a few days the security log is full of failed logins against the Administrator account. What is the best strategy to totally prevent future password guessing attempts? Choose the best answer.
Correct Answer: B
QUESTION NO: 4
Which of the following techniques would be effective to get around some of the blocking rules on certain firewalls?
The same technique could be used to avoid detection by Intrusion Detection Systems (IDS) in some cases.
Which of the following techniques would be effective to get around some of the blocking rules on certain firewalls?
The same technique could be used to avoid detection by Intrusion Detection Systems (IDS) in some cases.
Correct Answer: C
QUESTION NO: 5
Which of the following advanced search keywords do attackers take advantage of in order to see web page content without actually connecting to the target web server? Choose the best answer.
Which of the following advanced search keywords do attackers take advantage of in order to see web page content without actually connecting to the target web server? Choose the best answer.
Correct Answer: C
QUESTION NO: 6
Which of the following ports could be associated with a trojan on a Windows computer?
Choose two.
Which of the following ports could be associated with a trojan on a Windows computer?
Choose two.
Correct Answer: B,C
QUESTION NO: 7
There is a method which allows you to find information on hosts located behind a firewall by using packets similar to the packets used by Traceroute.
This method attempts to find out what are the rules in place on the gateway.
What is the name of this method?
There is a method which allows you to find information on hosts located behind a firewall by using packets similar to the packets used by Traceroute.
This method attempts to find out what are the rules in place on the gateway.
What is the name of this method?
Correct Answer: A
QUESTION NO: 8
When a company wishes to have some assurance that a product is working as per the vendor claim they usually seek certification. One of the most commonly used certification schemes today is called Common Criteria (CC). Which of the following terms describe a product that is to be evaluated under the Common Criteria to see how well the product meets the claims made by the vendor?
When a company wishes to have some assurance that a product is working as per the vendor claim they usually seek certification. One of the most commonly used certification schemes today is called Common Criteria (CC). Which of the following terms describe a product that is to be evaluated under the Common Criteria to see how well the product meets the claims made by the vendor?
Correct Answer: C
QUESTION NO: 9
One of your clients has been the victim of a brute force attack against their SSH server.
They ask you what could be done to protect their Linux servers. You propose the use of IPTables (the built in kernel firewall) to limit connection attempts to protect their servers.
You agree with your client to limit connections to the SSH port to a maximum of only three trials per minutes considering there is only one administrator who has a valid need to connect remotely onto this port.
If the threshold of three connections is exceeded, the attacker will have to wait for another
60 seconds before it will resume allowing connections again.
Which of the following IPTables entry would meet your clients needs?
One of your clients has been the victim of a brute force attack against their SSH server.
They ask you what could be done to protect their Linux servers. You propose the use of IPTables (the built in kernel firewall) to limit connection attempts to protect their servers.
You agree with your client to limit connections to the SSH port to a maximum of only three trials per minutes considering there is only one administrator who has a valid need to connect remotely onto this port.
If the threshold of three connections is exceeded, the attacker will have to wait for another
60 seconds before it will resume allowing connections again.
Which of the following IPTables entry would meet your clients needs?
Correct Answer: C
